Object-Level security is what managest most of the security in the database. It is a set of four levels, where each level encompasses all of the priviledges of the previous level. All access for object-levels is on a per-object basis--allowing one or more objects a certain level of privilege to another object depending upon the level it is defined in.
Any object or user can manage objects, be a writer on objects and a trustee on other objects. User classes (i.e. builder, programmer, admin) are not associated with any security level, they exist simply to group commands and more powerful interfaces. The levels are:
System Level
This level is the top level, encompassing administrators and system-level objects (such as $root and $sys). By default Administrators do not have this level enabled (it can be enabled each session with the command @mojo). Manager Level
Every object has a manager. The manager has full permissions on the specific object. Quota usage is also based off the object Manager. Writer Level
An object can have any number of writers. Writer Level permissions give full access to an object, with a few exceptions:
- Writers cannot change any access permissions on an object (this includes adding other writers or changing the Manager).
- Writers cannot change the object's parents.
- Writers cannot destroy the object.
Trustee Level
An object trustee is simply another object that is trusted more than random objects but less than a writer. The amount of access given depends upon the subsystem. For instance, adding a user as a trustee to a location they are not a Manager or Writer of will give them the ability to extend other rooms from it.
Object-Levels | Groups
the Cold Dark